Messages - jody

#1
25.7 Series / Re: port forwarding
August 18, 2025, 09:27:59 PM
thx meyergru - I found out that when I set in the wireguard client under the [interface] section "Table = off" which I guess prevents wireguard from modifying the routing table, the port forwarding does work again - jeez networking is hard - I will look into your advice and see if/how I can segment my networks
#2
25.7 Series / Re: port forwarding
August 18, 2025, 08:34:26 PM
wireguard "server" is on the internet, pretty much all hosts on 192.168.2.0/24 are a wireguard "client" (except *.3 and *.10), so 192.168.2.15 is also a wireguard client and also hosts a webserver and other services
to test if wireguard is causing the issue i disabled the wireguard client on *.15 and I do get a connection, so indeed wireguard screws up the gateway setting?
how would i get that fixed?
#3
25.7 Series / Re: port forwarding
August 18, 2025, 06:39:45 PM
yes, had checked those but there seems to be a gateway problem maybe, running tcpdump on webserver hosts shows the below:

tcpdump -i enp116s0 port 8080
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp116s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:31:32.489213 IP _gateway.8080 > aqua.50256: Flags [P.], seq 4290346268:4290346328, ack 1999504314, win 514, options [nop,nop,TS val 415337249 ecr 1851539844], length 60
18:31:32.489259 IP aqua.50256 > _gateway.8080: Flags [P.], seq 1:37, ack 60, win 12703, options [nop,nop,TS val 1851569922 ecr 415337249], length 36
18:31:32.489400 IP _gateway.8080 > aqua.50256: Flags [.], ack 37, win 514, options [nop,nop,TS val 415337249 ecr 1851569922], length 0

aqua is my wireguard interface on host I'm forwarding the port to, all clients (except the one ending on *.3 and *.10) have a vpn working connecting to a vpn server on the internet, I guess that is somehow messing with the gateway?

ip route
default via 192.168.2.1 dev enp116s0 proto static
10.110.19.0/24 dev aqua.wg proto kernel scope link src 10.110.19.20
192.168.2.0/24 dev enp116s0 proto kernel scope link src 192.168.2.23
[root@aqua funky1]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 enp116s0
10.110.19.0     0.0.0.0         255.255.255.0   U     0      0        0 aqua.wg
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 enp116s0
#4
25.7 Series / Re: port forwarding
August 18, 2025, 04:09:28 PM
thank you for the suggestion, I have some tcpdump commands on my firewall and then I tried to establish a connection from outside,


tcpdump -i pppoe0 port 36570
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pppoe0, link-type NULL (BSD loopback), snapshot length 262144 bytes
13:55:49.054018 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228375155 ecr 0,sackOK,eol], length 0
13:55:50.053916 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228376156 ecr 0,sackOK,eol], length 0
13:55:51.055410 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228377158 ecr 0,sackOK,eol], length 0
13:55:52.057047 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228378159 ecr 0,sackOK,eol], length 0
13:55:53.059336 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228379160 ecr 0,sackOK,eol], length 0
13:55:54.060072 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228380161 ecr 0,sackOK,eol], length 0
13:55:56.060877 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228382162 ecr 0,sackOK,eol], length 0
13:56:00.065529 IP 95-44-98-92.ftth.glasoperator.nl.52494 > 181.22.134.122.36570: Flags [S], seq 1266372702, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 2228386163 ecr 0,sackOK,eol], length 0
^C
8 packets captured
6988 packets received by filter
0 packets dropped by kernel

i thought let's change the ip to *.3 and see what happens when it does work and establishes a connection:

tcpdump -i pppoe0 port 36570
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pppoe0, link-type NULL (BSD loopback), snapshot length 262144 bytes
13:59:04.706899 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [S], seq 3564263277, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 3991835895 ecr 0,sackOK,eol], length 0
13:59:04.707548 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [S.], seq 891614574, ack 3564263278, win 65160, options [mss 1460,sackOK,TS val 1648323393 ecr 3991835895,nop,wscale 7], length 0
13:59:04.762413 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 1, win 2052, options [nop,nop,TS val 3991835951 ecr 1648323393], length 0
13:59:04.762909 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 1:22, ack 1, win 2052, options [nop,nop,TS val 3991835951 ecr 1648323393], length 21
13:59:04.763362 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 22, win 509, options [nop,nop,TS val 1648323449 ecr 3991835951], length 0
13:59:04.834003 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 1:41, ack 22, win 509, options [nop,nop,TS val 1648323520 ecr 3991835951], length 40
13:59:04.888644 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 41, win 2052, options [nop,nop,TS val 3991836077 ecr 1648323520], length 0
13:59:04.889089 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 41:1177, ack 22, win 509, options [nop,nop,TS val 1648323575 ecr 3991836077], length 1136
13:59:04.891651 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], seq 22:1390, ack 41, win 2052, options [nop,nop,TS val 3991836080 ecr 1648323520], length 1368
13:59:04.891657 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 1390:1590, ack 41, win 2052, options [nop,nop,TS val 3991836080 ecr 1648323520], length 200
13:59:04.892093 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 1390, win 499, options [nop,nop,TS val 1648323578 ecr 3991836080], length 0
13:59:04.892098 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 1590, win 498, options [nop,nop,TS val 1648323578 ecr 3991836080], length 0
13:59:04.941646 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 1177, win 2035, options [nop,nop,TS val 3991836131 ecr 1648323575], length 0
13:59:04.961532 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 1590:2798, ack 1177, win 2048, options [nop,nop,TS val 3991836151 ecr 1648323578], length 1208
13:59:04.961946 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 2798, win 498, options [nop,nop,TS val 1648323648 ecr 3991836151], length 0
13:59:04.983387 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], seq 1177:2545, ack 2798, win 508, options [nop,nop,TS val 1648323669 ecr 3991836151], length 1368
13:59:04.983392 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 2545:2741, ack 2798, win 508, options [nop,nop,TS val 1648323669 ecr 3991836151], length 196
13:59:05.037549 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 2545, win 2027, options [nop,nop,TS val 3991836227 ecr 1648323669], length 0
13:59:05.037561 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 2741, win 2024, options [nop,nop,TS val 3991836227 ecr 1648323669], length 0
13:59:10.052319 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 2798:2814, ack 2741, win 2048, options [nop,nop,TS val 3991841237 ecr 1648323669], length 16
13:59:10.094741 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 2814, win 508, options [nop,nop,TS val 1648328781 ecr 3991841237], length 0
13:59:10.152864 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 2814:2858, ack 2741, win 2048, options [nop,nop,TS val 3991841342 ecr 1648328781], length 44
13:59:10.153109 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 2858, win 508, options [nop,nop,TS val 1648328839 ecr 3991841342], length 0
13:59:10.153298 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 2741:2785, ack 2858, win 508, options [nop,nop,TS val 1648328839 ecr 3991841342], length 44
13:59:10.209736 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 2785, win 2048, options [nop,nop,TS val 3991841399 ecr 1648328839], length 0
13:59:10.210202 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 2858:2926, ack 2785, win 2048, options [nop,nop,TS val 3991841399 ecr 1648328839], length 68
13:59:10.225126 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 2785:2837, ack 2926, win 508, options [nop,nop,TS val 1648328911 ecr 3991841399], length 52
13:59:10.276209 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 2837, win 2048, options [nop,nop,TS val 3991841465 ecr 1648328911], length 0
13:59:12.475250 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [P.], seq 2926:3074, ack 2837, win 2048, options [nop,nop,TS val 3991843664 ecr 1648328911], length 148
13:59:12.518682 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [.], ack 3074, win 508, options [nop,nop,TS val 1648331205 ecr 3991843664], length 0
13:59:14.312354 IP 181.22.134.122.36570 > 95-44-98-92.ftth.glasoperator.nl.52644: Flags [P.], seq 2837:2889, ack 3074, win 508, options [nop,nop,TS val 1648332998 ecr 3991843664], length 52
13:59:14.391277 IP 95-44-98-92.ftth.glasoperator.nl.52644 > 181.22.134.122.36570: Flags [.], ack 2889, win 2048, options [nop,nop,TS val 3991845580 ecr 1648332998], length 0
^C
32 packets captured
4488 packets received by filter
0 packets dropped by kernel

when i try tcpdump on my other interfaces ax0 and/or ax1 i get nothing on both accounts

I have internal webservers running on port 8080 on lan ip *.15 *.142 *.16 *.17, all accessible internally. I tried forwarding to those as well but no luck
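
Added example, not part of the original post: a small Python parser for the one-line tcpdump output shown in the two captures above. It separates connections whose SYNs are retransmitted with no SYN-ACK seen on the captured interface (the first capture) from completed handshakes (the second). The function names and the sample capture are constructed for illustration and use RFC 5737 documentation addresses.

```python
import re

# One-line TCP summary as printed by tcpdump without -v. Ports must be numeric,
# so capture with -n (assumption: service-name ports would not match).
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def classify_handshakes(capture_text):
    """Map each (client, server) flow that opened with a SYN to (verdict, syn_count)."""
    flows = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # banner, packet counters, non-TCP lines
        src = (m.group("src"), int(m.group("sport")))
        dst = (m.group("dst"), int(m.group("dport")))
        flags = m.group("flags")
        if flags == "S":
            # Bare SYN: first packet of a handshake, or a retransmission of it.
            state = flows.setdefault((src, dst), {"syns": 0, "synack": False, "rst": False})
            state["syns"] += 1
        elif (dst, src) in flows:
            # Packet travelling server -> client for a flow we saw open.
            state = flows[(dst, src)]
            if flags == "S.":
                state["synack"] = True
            elif "R" in flags:
                state["rst"] = True

    report = {}
    for key, state in flows.items():
        if state["synack"]:
            verdict = "answered"
        elif state["rst"]:
            verdict = "reset"
        else:
            verdict = "unanswered"
        report[key] = (verdict, state["syns"])
    return report


def unanswered_flows(capture_text):
    """Flows whose SYNs never got a reply on the captured interface."""
    return [k for k, (v, _) in classify_handshakes(capture_text).items() if v == "unanswered"]


# Constructed sample in the format of the captures above: one flow that only
# retransmits SYNs and one that completes the handshake.
SAMPLE = """\
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
13:55:49.054018 IP 198.51.100.7.52494 > 203.0.113.10.36570: Flags [S], seq 1266372702, win 65535, length 0
13:55:50.053916 IP 198.51.100.7.52494 > 203.0.113.10.36570: Flags [S], seq 1266372702, win 65535, length 0
13:55:51.055410 IP 198.51.100.7.52494 > 203.0.113.10.36570: Flags [S], seq 1266372702, win 65535, length 0
13:59:04.706899 IP 198.51.100.7.52644 > 203.0.113.10.36570: Flags [S], seq 3564263277, win 65535, length 0
13:59:04.707548 IP 203.0.113.10.36570 > 198.51.100.7.52644: Flags [S.], seq 891614574, ack 3564263278, win 65160, length 0
13:59:04.762413 IP 198.51.100.7.52644 > 203.0.113.10.36570: Flags [.], ack 1, win 2052, length 0
3 packets captured
"""

if __name__ == "__main__":
    for (client, server), (verdict, syns) in classify_handshakes(SAMPLE).items():
        print(f"{client[0]}:{client[1]} -> {server[0]}:{server[1]}  {verdict}  (SYNs seen: {syns})")
```

An "unanswered" flow on the WAN interface means no reply came back through the firewall for that connection; in this thread the poster later traced that to the forwarded host's routing being changed by its WireGuard client (posts #1 and #2).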
#5
25.7 Series / Re: port forwarding
August 18, 2025, 03:07:27 PM
no, that is not the problem, because when I ask it to forward port 36570 to 192.168.2.3 or 192.168.2.10 it does work, the port is forwarded, so the problem must be something different
#6
25.7 Series / port forwarding
August 18, 2025, 12:33:15 PM
I'm running opnsense 25.7.1 on a dec750
i have fiber from my ISP come into the house, connected to the dec750, I have ipv4 (and ipv6 but not using it on local lan) external IP, my internal lan is on 192.168.2.0/24, internet works fine, i also have port forwarding working e.g. for lan client *.3, also for the *.10 one, it does work.

Here my NAT port forward config:



and here my Rules WAN:


Now I want to add another port forward rule e.g. forward incoming port 36570 to internal ip *.15 and port 8080 (e.g. running a webserver), I used the "clone" function next to the existing port 443 rule



and



I applied the changes, even restarted the router but the forward rule does not work. What am I missing here?




#7
thanks again netnut (nice nick btw :) ) I can read/understand dutch, had a look, will check when I will start using the ONT/PON, once i got a local lan working
#8
thanks, indeed with odido that should work as you say, though I wonder if I could also replace the PON and directly plug the fiber cable into the baremetal.
As for the sfp+ "no carrier" problem, it seems to be a driver issue, tried freebsd 14 live and still not working but in ubuntu it does.
Also posted here https://forums.freebsd.org/threads/cant-get-sfp-nic-to-work-amd-driver-issue.93186/ let's see if it can be fixed somehow.
#9
hi all :)

I'm having some trouble getting my Internet working with Odido in NL, so I thought to start this thread which hopefully when solved can be a guide for people to use their own modem/router as well for Odido in NL.
Some links that might be helpful for own modem/router setup:

https://community.odido.nl/thuisnetwerk-539/how-to-edgerouter-iptv-internet-342141
https://community.odido.nl/bekabeld-internet-492/redelijk-eenvoudig-aansluiten-eigen-router-edgerouter-4-inclusief-tv-330666
https://community.odido.nl/thuisnetwerk-566/my-own-modem-357022
Official settings to be used provided by Odido:
https://assets.odido.nl/x/6ba57ca29d/eigen-modem-modem-instellingen.pdf

I just upgraded to an 8 gbps fiber WAN connection, earlier 1 gbps. (fyi there is no ipv6 support, so all only on ipv4)

fiberoptic cable comes into the apartment and goes into PON

Odido provides for speeds above 1 gbps the following PON:
OptiXstar HN8010Ts-20 XGS-PON Terminal (it is setup to run on ip 192.168.100.1)

It has a 10gbps RJ45 port that would go into the WAN port of the Odido provided Zyxel T-75 (which is a zyxel-ex7501-b0).

Earlier I had already replaced the provided modem when I was on 1 gbps. The RJ45 cable from the PON was plugged into a T2500G-10TS (tp-link 1G 8 port switch) on which I had created a VLAN on TAG ID 300.

Then another RJ45 cable from the T2500G-10TS went into my Ubiquiti edgerouter lite into eth0 which was configured to receive IP via dhcp (no other config on vlan or else on that nic).

eth1 was configured to run dhcp server and went into a switch for my local network etc.

That all works.

Now I got a baremetal machine:
4x2.5 gbps RJ45 sockets (igc0 to igc3)
igc0: <Intel(R) Ethernet Controller I226-IT> mem 0xfc900000-0xfc9fffff,0xfca00000-0xfca03fff at device 0.0 on pci4
igc0: Using 1024 TX descriptors and 1024 RX descriptors
igc0: Using 4 RX queues 4 TX queues
igc0: Using MSI-X interrupts with 5 vectors
igc0: Ethernet address: d0:63:b4:05:47:3f
igc0: netmap queues/slots: TX 4/1024, RX 4/1024

2xSFP+ sockets (ax0 and ax1)
ax0: <AMD 10 Gigabit Ethernet Driver> mem 0xfcb60000-0xfcb7ffff,0xfcb40000-0xfcb5ffff,0xfcb82000-0xfcb83fff at device 0.2 on pci10
ax0: Using 512 TX descriptors and 512 RX descriptors
ax0: Using 3 RX queues 3 TX queues
ax0: Using MSI-X interrupts with 7 vectors
ax0: Ethernet address: d0:63:b4:05:47:43
ax0: xgbe_config_sph_mode: SPH disabled in channel 0
ax0: xgbe_config_sph_mode: SPH disabled in channel 1
ax0: xgbe_config_sph_mode: SPH disabled in channel 2
ax0: RSS Enabled
ax0: Receive checksum offload Enabled
ax0: VLAN filtering Enabled
ax0: VLAN Stripping Enabled
ax0: Checking GPIO expander validity
ax0: GPIO configuration valid
ax0: SFP detected:
ax0:   vendor:    OEM
ax0:   part number:    SFP-H10GB-CU5M
ax0:   revision level: 09
ax0:   serial number:  CSC231202820014
ax0: netmap queues/slots: TX 3/512, RX 3/512

ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x7
ax1: xgbe_phy_sfp_detect: mod absent
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x2
ax1: SFP detected:
ax1:   vendor:    Walsun
ax1:   part number:    HXSX-ATRI-1
ax1:   revision level: 1.0
ax1:   serial number:  H230S014913
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0

1xwifi (iwlwifi0_wlan1)
2x5G SIM slots.

I installed OPNsense on it, no problems and it is running:

OPNsense 24.1-amd64
FreeBSD 13.2-RELEASE-p9
OpenSSL 3.0.12
FreeBSD OPNsense.localdomain 13.2-RELEASE-p9 FreeBSD 13.2-RELEASE-p9 stable/24.1-n254969-8659880248c SMP amd6

I want one of the sfp+ sockets to be the "WAN" socket, so I connected the RJ45 cable from the PON to this sfp+ port. For now I will configure one of the RJ45 (igc0) to have a static local lan IP (10.0.0.120) so I can reach opnsense machine to configure it, the other RJ45 (igc1) I will configure for now to dhcp. I set it in the following way:
In Interfaces-->Assignments-->I added 2 RJ45 lan interfaces (igc0 and igc1)

Then I enabled the igc0 interface and set a static ip from my local network (10.0.0.120) to it, that is also the IP through which I then start accessing the OPNsense box via my laptop in the local network to do the settings (the other end of the cable goes into a temporary wifi access point).

Odido splits up internet, voip, and iptv into three vlan's. I only use their internet which is on VLAN 300, so did the following:

Interfaces-->Other Types-->VLAN, hit the plus to add a VLAN, selected the SFP+ (ax1) as parent, set VLAN tag to 300 and saved it, then:

In Interfaces-->Assignments i assign device VLAN to sfp+ (ax1) interface and set it to dhcp.

This is not working, there is no IP being assigned.

This should work but does not, it shows as if no cable is connected and says "no carrier". Connecting via ssh to the opnsense box and checking with ifconfig the interfaces, the sfp+ (ax1) interface shows

media: Ethernet autoselect
status: no carrier

For testing purposes I configured on the baremetal opnsense machine as above but using one of the RJ45 as WAN port and not the sfp+ (ax1). That did work, the interface gets an IP assigned from the provider. So I assume there must be an issue with the sfp+

Decided to test the following, create a local network from the baremetal machine sfp+ with local server on 10.0.0.x network who also has sfp+ nic interface, which is already configured on static ip 10.0.0.15.

Configured on OPNsense new (removed vlan setting etc. from before) sfp+ (ax1) to static ip 10.0.0.5, connected the sfp+ on the opnsense baremetal and the local server sfp+ but opnsense shows no carrier and the machines cannot ping each other.
The LEDs on the physical NICs on both ends show cables are plugged in.

fyi I do know the sfp+ interfaces, cables etc. are working, before I installed pfsense i had ubuntu on the baremetal running and had established successful connections with the sfp+ nics and the local server.

Tried the following on sfp+ on baremetal:

^ax0 is connected with a DAC cable 10Gtek 7meters CAP-10GSFP-P7M 10GBase-CU to an arch linux machine which has an Intel X710 NIC with two sfp+ ports.

Connection info (ifconfig/ethtool) on arch linux shows this:

enp7s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.133.120.3  netmask 255.255.255.0  broadcast 10.133.120.255
        inet6 fe80::3efd:feff:fe9e:cb7c  prefixlen 64  scopeid 0x20<link>
        ether 3c:fd:fe:9e:cb:7c  txqueuelen 1000  (Ethernet)
        RX packets 3380  bytes 612591 (598.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 647268  bytes 94844545 (90.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp7s0f1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet6 fe80::3efd:feff:fe9e:cb7e  prefixlen 64  scopeid 0x20<link>
        ether 3c:fd:fe:9e:cb:7e  txqueuelen 1000  (Ethernet)
        RX packets 67949  bytes 26850373 (25.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 76359  bytes 10329417 (9.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ethtool enp7s0f0
Settings for enp7s0f0:
   Supported ports: [ FIBRE ]
   Supported link modes:   10000baseT/Full
   Supported pause frame use: Symmetric Receive-only
   Supports auto-negotiation: No
   Supported FEC modes: Not reported
   Advertised link modes:  10000baseT/Full
   Advertised pause frame use: No
   Advertised auto-negotiation: No
   Advertised FEC modes: Not reported
   Speed: 10000Mb/s
   Duplex: Full
   Auto-negotiation: off
   Port: Direct Attach Copper
   PHYAD: 0
   Transceiver: internal
   Supports Wake-on: g
   Wake-on: g
        Current message level: 0x00000007 (7)
                               drv probe link
   Link detected: yes

ethtool enp7s0f1
Settings for enp7s0f1:
   Supported ports: [ FIBRE ]
   Supported link modes:   10000baseT/Full
   Supported pause frame use: Symmetric Receive-only
   Supports auto-negotiation: No
   Supported FEC modes: Not reported
   Advertised link modes:  10000baseT/Full
   Advertised pause frame use: No
   Advertised auto-negotiation: No
   Advertised FEC modes: Not reported
   Speed: Unknown!
   Duplex: Unknown! (255)
   Auto-negotiation: off
   Port: Direct Attach Copper
   PHYAD: 0
   Transceiver: internal
   Supports Wake-on: g
   Wake-on: g
        Current message level: 0x00000007 (7)
                               drv probe link
   Link detected: no
On the baremetal OPNsense machine I set up a static ip on sfp+ nic ax0.
Also on baremetal configured WAN device to get IP via dhcp4 and be ax1 (which is using the sfp+ Walsun with RJ45 cable cat6e, 1meter):

From dmesg on baremetal/opnsense:
ax0: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0
ax0: SFP detected:
ax0:   vendor:    OEM
ax0:   part number:    SFP-H10GB-CU5M
ax0:   revision level: 09
ax0:   serial number:  CSC231202820016
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x7
ax1: xgbe_phy_sfp_detect: mod absent
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x2
ax1: SFP detected:
ax1:   vendor:    Walsun
ax1:   part number:    HXSX-ATRI-1
ax1:   revision level: 1.0
ax1:   serial number:  H230S014913
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0

ifconfig on baremetal/opnsense:

ax0: flags=8867<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   description: OPT1 (opt1)
   options=4e0032b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
   ether d0:63:b4:05:47:43
   inet 10.133.120.125 netmask 0xffffff00 broadcast 10.133.120.255
   media: Ethernet autoselect
   status: no carrier
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ax1: flags=8867<UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   description: LANSFP (opt1)
   options=4e0032b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
   ether d0:63:b4:05:47:44
   media: Ethernet autoselect
   status: no carrier
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
not sure what to try next, any suggestions please?